nustrk.com

Privacy Protection Service INC d/b/a PrivacyProtect.org  (Proxy Registrant)

Domain Information

The domain nustrk.com is registered by proxy through PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM and was originally registered in September of 2013. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted servers are located in Austin, Texas within the United States which resides on the YHC Corporation network.
Registrar:
PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM

Server location:
Texas, United States (US)

Create date:
Friday, September 20, 2013

Expires date:
Sunday, September 20, 2015

Updated date:
Sunday, September 21, 2014

ASN:
AS40034 CONFLUENCE-NETWORK-INC - Confluence Networks Inc,VG

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.WARPINSTALLER.F, PUP.Installer.SystemApplet.S, PUP.Installer.WARPINSTALLER.O, PUP.INSTALLMYSOFTWARE.N, PUP.Installer.ClickAccept.N, PUP.Installer.SafeDown.M, PUP.Installer.SOFTWAREINSTALLER.S, PUP.Installer.SafeDown.R, PUP.Installer.Fileangels.F, PUP.Installer.SafeDown.Q, PUP.Installer.Fileprotected.F, PUP.Installer.FileFalcon.V, PUP.Installer.Fileadventure, PUP.Bundler.Adknowledge, PUP.Adknowledge.Bundler, PUP.Adknowledge.Installer, PUP.Adknowledge.TINYINSTALLER.Installer (M), PUP.Adknowledge.Bundler (M), PUP.Adknowledge.SafeDown.Bundler (M), PUP.Adknowledge.FusionInstall.Installer (M), PUP.Adknowledge.INSTALLDOTEXE.Installer (M), PUP.Adknowledge.Dashboot.Installer (M), PUP.Adknowledge.Fileadventure.Bundler (M), PUP.Adknowledge.SETUPDOTEXE.Bundler (M), PUP.Adknowledge.INSTALLD.Installer (M), PUP.Adknowledge.Fileange.Bundler (M), PUP.Adknowledge.Fileadve.Bundler (M), PUP.Adknowledge.Installer (M), PUP.Adknowledge.TINYINST.Bundler (M), PUP.Adknowledge.SETUPDOT.Bundler (M), PUP.Adknowledge.WARPINST.Bundler (M), PUP.Adknowledge.FusionIn.Bundler (M), PUP.Adknowledge (M)
100.00%

Malwarebytes
PUP.Optional.OptimumInstaller.A, PUP.Optional.OptimunInstaller, PUP.Optional.iBryte, PUP.Optional.Ibryte, PUP.Optional.IBryte
44.90%

Dr.Web
Trojan.Packed.26508, Trojan.Packed.27655, Adware.Downware.6099, Trojan.DownLoader11.32333, Trojan.DownLoader11.34291, Trojan.DownLoader11.26958
44.90%

VIPRE Antivirus
Trojan.Win32.Generic, Threat.4150696, Optimum Installer, Threat.4778314, Threat.4798837, Threat.5064731
44.90%

AVG
Adware AdPlugin.JE, Win.Threat.Medium, Adware AdPlugin.AIV, Adware AdPlugin.AKC, Adware AdPlugin.ZC, Adware AdPlugin.BRI
44.90%

Avira AntiVirus
ADWARE/Adware.Gen7, ADWARE/iBryte.Gen7, Adware/iBryte.bxou, Adware/iBryte.bxor, ADWARE/iBryte.Gen4, Adware/iBryte.bxpg, Adware/iBryte.zline
42.86%

K7 Gateway Antivirus
Unwanted-Program , Trojan , Adware
42.86%

NANO AntiVirus
Trojan.Win32.Badur.cxnrwx, Trojan.Win32.Agent.cxjjsz, Trojan.Win32.DownLoader11.dfedxj, Trojan.Win32.Buzus.dffyza, Riskware.Win32.IBryte.ddthor
42.86%

F-Prot
W32/DomaIQ.G2.gen, W32/A-85132f45, W32/A-c255719d, W32/A-34fffba4, W32/A-8041faaf, W32/A-512ed8f8, W32/A-cb5bb8f6, W32/A-2b3be3da
42.86%

K7 AntiVirus
Unwanted-Program , Adware , Riskware
40.82%

Comodo Security
Application.Win32.iBryte.WRP, Application.Win32.AgentCV.HWYE, Application.Win32.Optimum.DS, Application.Win32.Ibryte.NW
40.82%

G Data
Win32.Adware.Ibryte, Gen:Variant.Adware.iBryte, Win32.Adware.IBryte, Gen:Variant.Application.Bundler.25, Gen:Variant.Adware.Kazy.501097
40.82%

avast!
Win32:IBryte-CY [PUP], Win32:IBryte-DB [PUP], Win32:IBryte-DY [PUP], Win32:Adware-gen [Adw], Win32:IBryte-EE [PUP], Win32:IBryte-GA [PUP]
40.82%

Vba32 AntiVirus
AdWare.iBryte, Trojan.Buzus, suspected of Trojan.Downloader.gen.h, Downloader.Agent
40.82%

Zillya! Antivirus
Adware.iBryte.Win32.864, Adware.iBryte.Win32.854, Trojan.Buzus.Win32.122155, Adware.iBryte.Win32.1495, Adware.iBryte.Win32.2636
38.78%

The domain nustrk.com has been seen to resolve to the following 5 IP addresses.

209-99-40-222.fwd.datafoundry.com
October 29, 2015

August 17, 2014

August 17, 2014

December 23, 2013

December 23, 2013

File downloads found at URLs served by nustrk.com.

1 / 68      (Adware)
http://nustrk.com/base2.php  (adobe-reader.exe)

The following 47 files have been seen to comunicate with nustrk.com in live environments.

 
Latest 20 of 53 files

URL:
http://nustrk.com/

SSL certificate subject:
CN=sni60371.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated

SSL certificate issuer:
CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Web server:
Apache